12 June 19, 17:28
Quote:A team of academic researchers has discovered a follow-on to the Rowhammer class of attacks that allows attackers to read memory data on a target Windows computer, without actually accessing the memory itself. The method is dubbed RAMBleed.
Andrew Kwong and Daniel Genkin at the University of Michigan, Daniel Gruss at Graz University of Technology and Yuval Yarom at University of Adelaide have disclosed the attack method, which, by observing Rowhammer-induced bit flips in memory, can deduce the values in nearby dynamic random-access memory (DRAM) rows.
The original 2015 Rowhammer flaw is a method for repeatedly hammering on rows of cells of memory in devices to induce cells to flip from one state to another. Specifically, repeated accesses to rows in DRAM can lead to bit flips in neighboring rows (not only the direct neighbors), even if these neighboring rows are not accessed, according to the researchers.
Attackers can exploit these cross-process bit flips for a myriad of purposes, including privilege escalation and complete device takeover. Google’s Project Zero initially discovered the Rowhammer vulnerability and showed how a malicious app could produce these bit flips in cells and gain kernel-level privileges to laptops and PCs.
RAMBleed (CVE-2019-0174) is taking a new approach, using Rowhammer as a read side-channel to access the bits that “bleed” out of the RAM.
“Previous attacks exploited the Rowhammer effect to write (or flip) bits in the victim’s memory. RAMBleed is different in that it uses Rowhammer for reading data stored inside the computer’s physical memory,” the researchers explained in a write-up on the attack, posted Tuesday. “As the physical memory is shared among all process in the system, this puts all processes at risk.”
SOURCE: https://threatpost.com/rambleed-side-cha...ry/145629/